1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-30 11:31:32 +01:00

8842 Commits

Author SHA1 Message Date
Werner Koch
7b928c2564
speedo: Add new option STATIC=1
--

This can be used to build GnuPG with static versions of the core
gnupg libraries.  For example:

 make -f build-aux/speedo.mk STATIC=1 SELFCHECK=0 \
     INSTALL_PREFIX=/somewhere/gnupg22  native

The SELFCHECK=0 is only needed to build from a non-released version.
You don't need it with a released tarball.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-19 10:51:27 +01:00
Werner Koch
5e3679ae39
kbx: Fix detection of corrupted keyblocks on 32 bit systems.
* kbx/keybox-search.c (blob_cmp_fpr): Avoid overflow in OFF+LEN
checking.
(blob_cmp_fpr_part): Ditto.
(blob_cmp_name): Ditto.
(blob_cmp_mail): Ditto.
(blob_x509_has_grip): Ditto.
(keybox_get_keyblock): Check OFF and LEN using a 64 bit var.
(keybox_get_cert): Ditto.
--

On most 32 bit systems size_t is 32 bit and thus the check

  size_t cert_off = get32 (buffer+8);
  size_t cert_len = get32 (buffer+12);
  if (cert_off+cert_len > length)
    return gpg_error (GPG_ERR_TOO_SHORT);

does not work as intended for all supplied values.  The simplest
solution here is to cast them to 64 bit.

In general it will be better to avoid size_t at all and work with
uint64_t.  We did not do this in the past because uint64_t was not
universally available.

GnuPG-bug-id: 3770
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-15 11:41:46 +01:00
NIIBE Yutaka
ca138d5bf3 gpg: Fix reversed messages for --only-sign-text-ids.
* g10/keyedit.c (keyedit_menu): Fix messages.

--

GnuPG-bug-id: 3787
Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-02-15 14:22:06 +09:00
Katsuhiro Ueno
df97fe2480
agent: Avoid appending a '\0' byte to the response of READKEY
* agent/command.c (cmd_readkey): Set pkbuflen to the length of the output
without an extra '\0' byte.
2018-02-14 17:11:17 +01:00
Werner Koch
80719612b7
sm: Fix minor memory leak in --export-p12.
* sm/export.c (gpgsm_p12_export): Free KEYGRIP.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-14 14:54:51 +01:00
Katsuhiro Ueno
29aac77980
sm: Fix a wrong key parameter in an exported private key file
* sm/export.c (sexp_to_kparms): Fix the computation of array[6],
which must be 'd mod (q-1)' but was 'p mod (q-1)'.
--

This bug is not serious but makes some consistency checks fail.
For example, 'openssl rsa -check' reports the following error:

$ gpgsm --out my.key --export-secret-key-raw 0xXXXXXXXX
$ openssl rsa -check -noout -inform DER -in my.key
RSA key error: dmq1 not congruent to d

--
Let me(wk) add this:

This bug was introduced with
Fixes-commit: 91056b1976bfb7b755e53b1302f4ede2b5cbc05d
right at the start of GnuPG 2.1 in July 2010.  Before that (in 2.0) we
used gpg-protect-tool which got it right.  We probably never noticed
this because gpgsm, and maybe other tools too, fix things up during
import.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-14 14:49:47 +01:00
Werner Koch
f19ff78f0f
common: Use new function to print status strings.
* common/asshelp2.c (vprint_assuan_status_strings): New.
(print_assuan_status_strings): New.
* agent/command.c (agent_write_status): Replace by call to new
function.
* dirmngr/server.c (dirmngr_status): Ditto.
* g13/server.c (g13_status): Ditto.
* g13/sh-cmd.c (g13_status): Ditto.
* sm/server.c (gpgsm_status2): Ditto.
* scd/command.c (send_status_info): Bump up N.
--

This fixes a potential overflow if LFs are passed to the status
string functions.  This is actually not the case and would be wrong
because neither the truncating in libassuan or our escaping is not the
Right Thing.  In any case the functions need to be more robust and
comply to the promised interface.  Thus the code has been factored out
to a helper function and N has been bumped up correctly and checked in
all cases.

For some uses this changes the behaviour in the error case (i.e. CR or
LF passed): It will now always be C-escaped and not passed to
libassuan which would truncate the line at the first LF.

Reported-by: private_pers
2018-02-14 12:21:44 +01:00
Arnaud Fontaine
25f3b69129 scd: Improve KDF-DO support
* scd/app-openpgp.c (pin2hash_if_kdf): Check the content of KDF DO.

--

Length check added by gniibe.

Signed-off-by: Arnaud Fontaine <arnaud.fontaine@ssi.gouv.fr>
2018-02-13 09:28:13 +09:00
NIIBE Yutaka
0a3bec2c25 scd: Fix handling for Data Object with no data.
* scd/app-openpgp.c (get_cached_data): Return NULL for Data Object
with no data.

--

When GET_DATA returns no data with success (90 00), this routine
firstly returned buffer with length zero, and secondly (with cache)
returned NULL, which is inconsistent.  Now, it returns NULL for both
cases.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-02-12 18:56:58 +09:00
Andre Heinecke
e0658b19d9
doc: Add compliance de-vs to gpgsm in vsnfd.prf
* doc/examples/vsnfd.prf: Set complaince mode for gpgsm.
2018-02-09 09:45:28 +01:00
NIIBE Yutaka
015fe1c47b scd: Use pipe to kick the loop on NetBSD.
* configure.ac (HAVE_PSELECT_NO_EINTR): New.
* scd/scdaemon.c (scd_kick_the_loop): Write to pipe.
(handle_connections): Use pipe.

--

On NetBSD, signal to the same process cannot unblock pselect,
with unknown reason.  Use pipe instead, for such systems.

GnuPG-bug-id: 3778
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-02-07 12:43:07 +09:00
Werner Koch
f98e193c84
gpg: Update list of card vendors from master
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-01 12:05:19 +01:00
NIIBE Yutaka
64aa98c8a0 tests: Fix for NetBSD with __func__.
* tests/asschk.c: Don't define __func__ if available.

--

NetBSD 7.0 has __func__ defined.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-29 09:34:37 +09:00
Werner Koch
f8e868d9df
dirmngr: Improve assuan error comment for cmd keyserver.
* dirmngr/server.c: Add error comment in case --resolve fails in
ensure_keyserver.
--

GnuPG-bug-id: 3756
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-27 19:46:19 +01:00
NIIBE Yutaka
d7207b39b7 agent: Fix last commit.
* configure.ac: Check ucred.h as well as sys/ucred.h.
* agent/command-ssh.c: Add inclusion of ucred.h.

--

It was T2981, adding ucred.h for Solaris.  We also need sys/ucred.h
for FreeBSD and macOS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:42:31 +09:00
NIIBE Yutaka
08e686a6a6 agent: More fix for get_client_pid for portability.
* configure.ac: Check sys/ucred.h instead of ucred.h.
    * agent/command-ssh.c: Include sys/ucred.h.

--

It's *BSD and macOS thing.

Fixes-commit: f7f806afa5083617f4aba02fc3b285b06a7d73d4
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-26 10:13:34 +09:00
Werner Koch
91a3d15cee
doc: Note --quick-gen-key as an alias for --quick-generate-key
--
2018-01-25 15:14:37 +01:00
NIIBE Yutaka
91303b7df9 scd: Support KDF Data Object of OpenPGPcard V3.3.
* scd/app-openpgp.c (do_getattr, do_setattr): Add KDF support.
(pin2hash_if_kdf): New.
(verify_a_chv): Add PINLEN arg.  Use pin2hash_if_kdf.
(verify_chv2, do_sign): Follow the change of verify_a_chv.
(verify_chv3, do_change_pin): Use pin2hash_if_kdf.

--

GnuPG-bug-id: 3152
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-01-22 19:46:14 +09:00
Werner Koch
e1e35db510
gpg: Fix the use of future-default with --quick-add-key.
* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
(parse_key_parameter_string): Add arg suggested_use and implement
fallback.  Change callers to pass 0 for new arg.
(parse_algo_usage_expire): Pass the parsed USAGESTR to
parse_key_parameter_string so that it can use it in case a subkey is
to be created.
--

The problem here was that future-default gives the primary and subkey
algorithm.  However, when using future-default for adding a key, the
second part was always used which is for encryption.  If the caller
now wanted to create a signing subkey using the future-default
parameters this did not worked.

  gpg --batch --passphrase "" --quick-add-key FPR future-default encr

aready worked as did

  gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign

but

  gpg --batch --passphrase "" --quick-add-key FPR future-default sign

does only work with this fix.

GnuPG-bug-id: 3747
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-18 13:39:19 +01:00
Andre Heinecke
6fb5713f4a
doc: Note pinentry-mode for passphrase opts
* doc/gpg.texi (--passphrase, --passphrase-file, --passphrase-fd):
Note that pinentry-mode needs to be loopback.

Signed-off-by: Andre Heinecke <aheinecke@intevation.de>
2018-01-09 08:48:54 +01:00
Werner Koch
339b3301ee
gpg: Print all keys with --decrypt --list-only.
* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
list-only and put the key into PKENC_LIST.
(print_pkenc_list): Take care of the new error code.
--

If the secret keys exist in --list-only mode it was not printed in
--list-only mode.

GnuPG-bug-id: 3718
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-08 09:30:31 +01:00
Werner Koch
4d3c500f47
gpg: Allow "futuredefault" as alias for "future-default".
* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
use case-insensitive matching
(quick_generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

The man page is sometimes rendered in a way that the hyphen may be
not be considered as part of the string.  And while at it we also
allow case-insensitivity.

GnuPG-bug-id: 3655
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-01 14:59:30 +01:00
Werner Koch
412bb7a801
gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
* g10/keygen.c (gen_ecc): Map curve names.
--

See
https://lists.gnupg.org/pipermail/gnupg-users/2017-December/059619.html

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-29 20:18:20 +01:00
NIIBE Yutaka
4f88b0f561 scd: Fix for inactive card at start by internal CCID driver.
* scd/ccid-driver.c (do_close_reader): Set NULL on close.
(bulk_in): Move DEBUGOUT and check by EP_INTR.
(ccid_get_atr): Clear powered_off flag after initial status check.

--

Many card readers automatically turn on inserted card, but some
defaults to turning off at start.

GnuPG-bug-id: 3508
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-27 17:20:03 +09:00
Kristian Fiskerstrand
a684988829
build: Increase libassuan min version to 2.5.0
--
assuan_sock_set_system_hooks is used unconditionally in gnupg since
commit 9f641430dcdecbd7ee205d407cb19bb4262aa95d, and as such it requires
libassuan 2.5.0 (function introduced in
commit 90dc81682b13a7cf716a8a26b891051cbd4b0caf)

For a detailed description see:
https://lists.gnupg.org/pipermail/gnupg-devel/2017-December/033323.html
2017-12-22 13:35:42 +01:00
Werner Koch
f3ba66781a
kbx: Simplify by removing custom memory functions.
* kbx/keybox-util.c (keybox_set_malloc_hooks): Remove.
(_keybox_malloc, _keybox_calloc, keybox_realloc)
(_keybox_free): Remove.
(keybox_file_rename): Remove.  Was not used.
* sm/gpgsm.c (main): Remove call to keybox_set_malloc_hooks.
* kbx/kbxutil.c (main): Ditto.
* kbx/keybox-defs.h: Remove all separate includes.  Include util.h.
remove convenience macros.
* common/logging.h (return_if_fail): New.  Originally from
keybox-defs.h but now using log_debug.
(return_null_if_fail): Ditto.
(return_val_if_fail): Ditto.
(never_reached): Ditto.
--

Originally the KBX code was written to allow standalone use.  However
this required lot of ugliness like separate memory allocators and
such.  It also precludes the use of some standard functions from
common due to their use of the common gnupg malloc functions.
Dropping all that makes things easier.  Minor disadvantages: the kbx
call done for gpg will now use gcry malloc fucntions and not the
standard malloc functions.  This might be a bit slower but removing
them even fixes a possible bug in keybox_tmp_names which is used in
gpg and uses gpg's xfree which is actually gcry_free.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-22 12:55:46 +01:00
Werner Koch
290348e349
common: Use larger buffer for homedir in case of 64 bit UIDs.
* common/homedir.c (_gnupg_socketdir_internal): Enlarge PREFIX by 6
bytes for "/gnupg".
--

The temporary buffer was to short for the extra "/gnupg".  However the
20 bytes for the UID is large enough for all 32 bit UIDs and would
only fail (detected) if  a 64 bit UID is used.

Fixes-commit: 17efcd2a2acdc3b7f00711272aa51e5be2476921
Reported-by: Rainer Perske.
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-20 15:37:29 +01:00
Werner Koch
84555d5372
Post release updates
--
2017-12-20 10:13:54 +01:00
Werner Koch
558b17593a
Release 2.2.4 gnupg-2.2.4 2017-12-20 08:31:22 +01:00
Werner Koch
b497578814
po: Auto-update
--
2017-12-20 08:30:40 +01:00
Petr Pisar
43aaf60449
po: Update Czech translation
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-19 19:50:30 +01:00
Ineiev
c7b8ec6c8e
po: Update Russian translation 2017-12-19 19:45:27 +01:00
Werner Koch
7449063b1a
wks: New server options --check, --with-dir, with-file.
* tools/gpg-wks-server.c (aCheck, oWithDir, oWithFile): New const.
(opts): New options --check, --with-dir, and --with-file.
(main): Call command_check_key.
(command_list_domains): Implement option --with-dir.
(fname_from_userid): New.
(command_check_key): New.
(command_remove_key): Implement existsing command.
(command_revoke_key): Call command_remove_key as a simple
implementation.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-19 17:42:10 +01:00
Werner Koch
faecaf80f0
po: Auto-update
--

Mainly due to removed translations in debug messages.
2017-12-19 12:39:25 +01:00
Werner Koch
3a48455b0b
po: Fix a string in de and nl. Mark a string in ro and sk fuzzy.
--

These wrong translations are propably due to accidently removing a
fuzzy mark.

A German translation (gpgsm audit feature) was actually reversed.

A Dutch translation has an unused ": %s" at the end.

I am not 100% of the Romanian and Slovak strings, thus I marked them
as fuzzy.

GnuPG-bug-id: 3619
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-19 12:36:49 +01:00
Werner Koch
482e000b8a
conf: New option --status-fd.
* tools/gpgconf.c (oStatusFD): New const.
(opts): New option --status-fd.
(statusfp): New var.
(set_status_fd): New.
(gpgconf_write_status): New.
(gpgconf_failure): New.
(main): Set status fd and replace exit by gpgconf_failure.
* tools/gpgconf-comp.c: Repalce exit by gpgconf_failure.
(gc_process_gpgconf_conf): Print a few warning status messages.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 17:46:05 +01:00
Werner Koch
d74c40cef0
gpgconf: Show --compliance in expert mode.
* tools/gpgconf-comp.c (gc_options_gpg): Set compliance to expert.
(gc_options_gpgsm): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 16:31:54 +01:00
Werner Koch
8c878ae4c9
sm: Allow explicit setting of the default --compliance=gnupg
* sm/gpgsm.c (main): Allow setting of the default compliance.
* tools/gpgconf-comp.c (gc_options_gpgsm): Add "compliance".
--

This is required so that we can use this option in in gpgconf.conf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 12:05:31 +01:00
NIIBE Yutaka
e3ddeff66e po: Update Japanese translation.
* po/ja.po: Fix message with no "%s".

--

Backport of master commit from: 77e2fcb4ffbad8577a2cf41f17bf92dec6a93ad8

The wrong message caused segmentation fault for key generation when
no expiration is specified.

GnuPG-bug-id: 3619
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2017-12-18 14:22:19 +09:00
Werner Koch
416cf9e9be
gpg: Print a warning for too much data encrypted with 3DES et al.
* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--

Note that to test this warning in a reliable way compression needs to
be disabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 13:02:34 +01:00
Werner Koch
b5333e13cb
gpg: Simplify cipher:write_header.
* g10/cipher.c (write_header): Use write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 12:15:40 +01:00
Werner Koch
067e62fe55
indent: Re-indent g10/cipher.c
--
2017-12-13 12:14:52 +01:00
Werner Koch
9f641430dc
gpg: Simplify default_recipient().
* g10/pkclist.c (default_recipient): Use hexfingerprint.
--

Note that on malloc failure this function now returns NULL instead of
terminating the process.  However, under memory pressure any function
called latter will very likely fail as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 11:03:06 +01:00
Werner Koch
cd26c5482b
gpg: Return an error from hexfingerprint on malloc error.
* g10/keyid.c (hexfingerprint): Return NULL on malloc failure.  Chnage
all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 10:52:34 +01:00
Werner Koch
29119a6492
gpg: Remove some xmallocs.
* g10/getkey.c (get_pubkeys): Do not use xmalloc.
--

We eventually need to get rid of all xmallocs so that gpg won't fail
easily when we make more use of the s server mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 10:07:30 +01:00
Werner Koch
8602b980df
indent: Re-indent get_pubkeys.
--
2017-12-13 10:07:28 +01:00
Daniel Kahn Gillmor
8ede3ae29a
gpg: default-preference-list: prefer SHA512.
* g10/keygen.c (keygen_set_std_prefs): when producing default internal
personal-digest-preferences, keep the same order.  When publishing
external preferences, state preference for SHA512 first.

--

SHA-512 has a wider security margin than SHA-256.  It is also slightly
faster on most of the architectures on which GnuPG runs today.  New
keys should publish defaults that indicate we prefer the stronger,
more performant digest.

Specifically, this changes --default-preference-list from:

   SHA256 SHA384 SHA512 SHA224

to:

   SHA512 SHA384 SHA256 SHA224

This patch deliberately avoids touching --personal-digest-preferences
(which itself would affect the default of --digest-algo and
--cert-digest-algo), so that public-facing cleartext signatures and
identity certifications will continue to be made with SHA256 by
default.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2017-12-12 15:07:43 +01:00
Werner Koch
c81a447190
Change backlog from 5 to 64 and provide option --listen-backlog.
* agent/gpg-agent.c (oListenBacklog): New const.
(opts): New option --listen-backlog.
(listen_backlog): New var.
(main): Parse new options.
(create_server_socket): Use var instead of 5.
* dirmngr/dirmngr.c: Likewise.
* scd/scdaemon.c: Likewise.
--

GnuPG-bug-id: 3473
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 14:14:40 +01:00
Werner Koch
17efcd2a2a
build: New configure option --enable-run-gnupg-user-socket.
* configure.ac: (USE_RUN_GNUPG_USER_SOCKET): New ac_define.
* common/homedir.c (_gnupg_socketdir_internal): Add extra directories.
--

This allows to build GnuPG with an extra socketdir below /run.  See
https://lists.gnupg.org/pipermail/gnupg-devel/2017-November/033250.html
for a longer explanation why this is sometimes useful.

Suggested-by: Rainer Perske
Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-12 09:42:43 +01:00
Werner Koch
20b52be9ca
dirmngr: Check for WKD support at session end
* dirmngr/domaininfo.c (insert_or_update): Copy the name.
* dirmngr/misc.c (copy_stream): Allow arg OUT to be NULL.
* dirmngr/server.c (set_error): Protect CTX.
(dirmngr_status): Protect against missing ASSUAN_CTX.
(dirmngr_status_help): Ditto.
(dirmngr_status_printf): Ditto.
(cmd_wkd_get): Factor code out to ...
(proc_wkd_get): new func.  Support silent operation with no CTX.
(task_check_wkd_support): New.
--

This finalizes the feature to efficiently cache WKD checks.  If a
standard WKD query returns no data, we queue a test to be run after
the end of the session (so that we do not delay the calling client).
This check tests whether the server responsible for the queried
address has WKD at all enabled.  The test is done by checking whether
the "policy" file exists.  We do not check the "submission-address"
file because that is not necessary for the web key operation.  The
policy file is now required.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit d4e2302d8f4a1ff52d56da4f8e3a5d1c6303822d)
2017-12-11 11:31:15 +01:00